"Kevin O'Connor" <kevin@koconnor.net>
wrote on 01/08/2016 01:05:05 PM:
> From: "Kevin O'Connor" <kevin@koconnor.net>
> To: Stefan Berger/Watson/IBM@IBMUS
> Cc: "seabios@seabios.org" <seabios@seabios.org>,
Stefan Berger
> <stefanb@linux.vnet.ibm.com>
> Date: 01/08/2016 01:05 PM
> Subject: Re: [SeaBIOS] SeaBIOS Digest, Vol 72,
Issue 33
>
> On Fri, Jan 08, 2016 at 12:19:52PM -0500, Stefan Berger wrote:
> > "Kevin O'Connor" <kevin@koconnor.net> wrote on
01/08/2016 11:41:13 AM:
> > > On Thu, Jan 07, 2016 at 03:39:13PM -0500, Stefan Berger
wrote:
> > > > "Kevin O'Connor" <kevin@koconnor.net>
wrote on 01/07/2016 03:14:37 PM:
> > > > > I don't have input on what TPM2 organization should
look like,
> > mainly
> > > > > because I don't know what TPM2 entails. I
gather the TIS commands
> > are
> > > > > changing, but what else changes? Does the
ACPI log, BIOS interface,
> > > > > or tpm menu change? Do you have a pointer
to the TPM2 spec (when I
> > > > > last looked it seemed that TPM2 was still being
worked on).
> > > >
> > > > The TIS got more registers; some flags allow detection
of the TPM
> > version.
> > > >
> > > > All commands changed -- no backwards compatibility.
The header
> > 'fields'
> > > > are the same, their ordinal and tag values are not.
> > > >
> > > > Spec:
> > > >
> > http://www.trustedcomputinggroup.org/resources/tpm_library_specification
> > >
> > > Thanks. Does the hardware interface change as well
(ie, is it still
> > > the same reads/writes to MMIO at 0xfed40000)?
> > >
> >
> > It has the same address, but one or two more registers.
>
> Does it require a different tpm_drivers.c implementation - with
> something like tpmhw1_transmit() and tpmhw2_transmit() functions?
No. Only an extension to the probing function that
interprets the flags from the
new registers to determine TPM1.2 or TPM2.
>
> > > My initial thought would be to do what you've proposed -
have wrapper
> > > functions around the TPM commands (eg, tpm_extend, tpm_get_capability,
> > > read_permanent_flags) and teach those functions how to send
the two
> > > different styles of commands (and translate the responses
if
> > > necessary).
> >
> > So the good thing is that some of the code can be shared between
1.2 and
> > 2.0,
> > to a certain 'depth' at least. An example of a shared function
would be
> > this one.
> >
> > static void
> > tpm_add_event_separators(void)
> > {
> > static const u8 evt_separator[] = {0xff,0xff,0xff,0xff};
> > u32 pcrIndex;
> > for (pcrIndex = 0; pcrIndex <= 7; pcrIndex++)
> > tpm_add_measurement_to_log(pcrIndex,
EV_SEPARATOR,
> >
NULL, 0,
> >
evt_separator,
> >
sizeof(evt_separator));
> > }
> >
> > Following this function further down:
> >
> > tpm_add_measurement_to_log() [on current master] can be completely
> > shared as well. tpm_log_extend_event would need to become a function
that
> > branches into tpm12_log_extend_event and tpm2_log_extend_event,
depending
> > on detected version of TPM.
>
> Sounds like a new tpm_extend() function could be made with just the
> hardware command. And then it could handle the v1 and v2 cases
and
> thus reduce the amount of duplicated code.
Yes, there should be a tpm_extend() function branching
into tpm12_extend()
and tpm2_extend().
>
> > tpm_log_event could again be shared since ACPI logging is the
same.
> > Same for tpm_fill_hash for as long as we only support sha1.
> >
> > Basically all functions where commands are created cannot be
shared.
> > Also TPM 2's initialization is a bit different and it supports
more
> > hashes.
>
> If the init is notable different maybe just do tpm1_startup() and
> tpm2_startup()?
Yes, something like that.
>
> > So it actually speaks against splitting this up into different
files, but
> > the
> > outcome may be that the code would show a mix of tpm12_*, tpm2_*,
and
> > tpm_* functions in the format of
> >
> > tpm12_foo() { [...] }
> >
> > tpm2_foo() { [...] }
> >
> > tpm_foo() {
> > switch (tpmversion) {
> > 1.2:
> > return tpm12_foo()
> > 2:
> > return tpm2_foo()
> > }
> > }
>
> Okay. But, I would say that if both tpm12_foo() and tpm2_foo()
are
> both only a few lines that it might be better to just inline it all
> into tpm_foo(). An 'if' might be more succinct also - hopefully
there
> isn't a tpm3 in the works..
Not that I know of :-)
>
> > tpm_xyz() { [...] }
> >
> > tpm12_bar() { [...] }
> >
> > tpm2_bar() { [...] }
> >
> > [...]
> >
> > That's what I did before...
>
> Oh, were there tpm2 patches available? I must have missed them.
No, I never showed them.
Stefan
>
> > If none of the code could be shared the decision to split it
up completely
> > would be a lot easier.
>
> Agreed.
>
> -Kevin
>